-
Notifications
You must be signed in to change notification settings - Fork 95
104 lines (98 loc) · 3.74 KB
/
build-and-test-pkg.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
name: Build, test and upload .msi to S3
# TODO: add scheduler and tests
on:
workflow_dispatch:
workflow_call:
inputs:
ref_name:
required: true
type: string
env:
GO111MODULE: on
permissions:
# This is required for configure-aws-credentials to request an OIDC JWT ID token to access AWS resources later on.
# More info: https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect#adding-permissions-settings
id-token: write
contents: read # This is required for actions/checkout
jobs:
get-tag-name:
name: Get tag name
runs-on: ubuntu-latest
outputs:
tag: ${{ steps.check-tag.outputs.tag }}
steps:
- name: Check tag from workflow input and github ref
id: check-tag
run: |
if [ -n "${{ inputs.ref_name }}" ]; then
tag=${{ inputs.ref_name }}
else
tag=${{ github.ref_name }}
fi
echo "tag=$tag" >> ${GITHUB_OUTPUT}
windows-msi-build:
needs: get-tag-name
runs-on: [self-hosted, windows, amd64, release]
timeout-minutes: 100
steps:
- name: Configure git CRLF settings
run: |
git config --global core.autocrlf false
git config --global core.eol lf
- name: Set up Python
uses: actions/setup-python@65d7f2d534ac1bc67fcd62888c5f4f3d2cb2b236 # v4.7.1
with:
python-version: '3.x'
- name: Install AWS CLI
run: |
python -m pip install --upgrade pip
pip install awscli
- name: Validate aws CLI
run: |
aws --version
- uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
with:
ref: ${{ needs.get-tag-name.outputs.tag }}
fetch-depth: 0
persist-credentials: false
submodules: recursive
- name: Set output variables
id: vars
run: |
$has_creds="${{ github.event_name == 'push' || github.repository == github.event.pull_request.head.repo.full_name }}"
echo "has_creds=$has_creds" | Out-File -FilePath $Env:GITHUB_ENV -Encoding utf8 -Append
exit 0 # if $has_creds is false, powershell will exit with code 1 and this step will fail
- name: configure aws credentials
uses: aws-actions/configure-aws-credentials@010d0da01d0b5a38af31e9c3470dbfdabdecca3a # v4.0.1
with:
role-to-assume: ${{ secrets.WINDOWS_ROLE }}
role-session-name: windows-msi
aws-region: ${{ secrets.WINDOWS_REGION }}
- name: Remove Finch VM
run: |
wsl --list --verbose
wsl --shutdown
wsl --unregister lima-finch
wsl --list --verbose
- name: Clean up previous files
run: |
Remove-Item C:\Users\Administrator\.finch -Recurse -ErrorAction Ignore
Remove-Item C:\Users\Administrator\AppData\Local\.finch -Recurse -ErrorAction Ignore
make clean
cd deps/finch-core && make clean
- name: Build project
run: |
make FINCH_ROOTFS_LOCATION_ROOT=/__INSTALLFOLDER__
- name: generate msi
run: |
$version="${{ needs.get-tag-name.outputs.tag }}"
$version=$version.TrimStart("v")
if ($version -match '^[0-9]+\.[0-9]+\.[0-9]+$') {
Write-Host "Version matches format: $version"
}
else {
Write-Host "Version $version doesn't match format. Using default: 0.0.0"
$version="0.0.0"
}
powershell .\msi-builder\BuildFinchMSI.ps1 -Version $version
aws s3 cp "./msi-builder/build/Finch-$version.msi" "${{ secrets.WINDOWS_UNSIGNED_BUCKET }}Finch-$version.msi" --acl bucket-owner-full-control --no-progress